Educational establishments using the plugins are urged to update to the latest versions immediately to prevent exploitation 

As Covid-19 forces students and employees to learn and train from home, researchers from Check Point have found serious vulnerabilities in the three most widely-used WordPress plugins that are used for large-scale online learning:

  1. LearnPress
  2. LearnDash
  3. LifterLMS

If not fixed, the flaws could enable students, as well as unauthenticated users, to steal personal information, siphon money and/or attain teacher privileges from the online learning platforms.  

Researchers at Check Point have identified serious security flaws in the most widely-used plugins powering online learning platforms. As the Covid-19 pandemic forces people everywhere into their homes, top academic institutions and Fortune 500 companies are relying on learning management systems (LMS) to conduct virtual classes without having students or employees come into a physical classroom.

Check Point Research discovered the security flaws in the three leading WordPress plugins, LearnPress, LearnDash and LifterLMS, which transform any WordPress website into a fully functioning and easy-to-use LMS. The three plugins are used by Fortune 500 companies and some of the top universities in the world, including the University of Florida, University of Michigan, University of Washington, and are installed on approximately 100,000 different educational platforms.

The vulnerabilities, which ranged from Privilege Escalation through to SQL Injection, to full Remote Code Execution capability, would have enabled students, as well as unauthenticated users, to steal personal information, siphon money and/or attain teacher privileges.

Specifically, a person could leverage the security flaws to:

  • Steal personal information: names, emails, usernames and passwords
  • Funnel money from an LMS into their own bank accounts
  • Change grades for themselves
  • Change grades for peers
  • Forge certificates
  • Retrieve test answers
  • Escalate their privileges to that of a teacher

Check Point Vulnerability Research Team Leader, Omri Herscovici said:

“Because of coronavirus, we’re doing everything from our homes, including our formal learning. Students and employees logging into eLearning sites probably don’t know just how dangerous that can be. We proved that hackers could easily take control of the entire eLearning platform.

"Top educational institutions, as well as many online academies, rely on the systems that we researched in order to run their entire online courses and training programs. The vulnerabilities found allow students, and sometimes even unauthenticated users, to gain sensitive information or take control of the LMS platforms. We urge the relevant educational establishments everywhere to check if they are using these plugins and update to the latest versions of them.”

Responsible disclosure and vulnerability fixes

Researchers found the vulnerabilities in a span of two weeks during March 2020. Check Point responsibly disclosed each of the vulnerabilities in the respective platforms to the appropriate developers. All of the vulnerabilities were patched, and were given these CVE entries:  CVE-2020-6008, CVE-2020-6009, CVE-2020-6010 and CVE-2020-6011.  IT teams running LMS platforms should check if they are using the affected plugins and update to the latest versions to close the vulnerabilities.


About Learning Management Systems

An LMS is a vast repository where educational information is stored and tracked. Anyone with a login and password can access these online training resources any time, from any location. The most common use for LMS software is to deploy and track online training initiatives. Typically, assets are uploaded to the LMS, making them easily accessible for remote learners.

As millions of people log-in to online courses from home because of coronavirus, academic institutions and employers use a LMS to virtually create classes, share coursework, enroll students, and evaluate students with quizzes.  

Details of the affected plugins are:

  • LearnPress: Plugin that creates courses with quizzes and lessons as the students move through the curriculum. Used in over 21,000 schools and boasts 80,000 installations.
  • LearnDash: Plugin that provides tools for content dripping, selling courses, rewarding learners, and activating triggers based on actions. Over 33,000 websites use LearnDash, including many in the Fortune 500, as well as the University of Florida, University of Michigan, and University of Washington
  • LifterLMS: Plugin that provides sample courses, sample quizzes, certificates, and a fully configured website. Over 17,000 websites use this plugin, including WordPress agencies and educators, along with various school and educational establishments.

You may also be interested in these articles:


Newsroom Activity

Solvendis added a new event 4 hours

Effective Self Assessment & Improvement Planning (Zoom...

The self-assessment process is, further, the key way in which providers can measure the effectiveness of their provision against the EIF. Under the...

  • Friday, 07 August 2020 10:00 AM
  • Zoom Conferencing

Latest Education News

Further Education News

The FE News Channel gives you the latest education news and updates on emerging education strategies and the #FutureofEducation and the #FutureofWork.

Providing trustworthy and positive Further Education news and views since 2003, we are a digital news channel with a mixture of written word articles, podcasts and videos. Our specialisation is providing you with a mixture of the latest education news, our stance is always positive, sector building and sharing different perspectives and views from thought leaders, to provide you with a think tank of new ideas and solutions to bring the education sector together and come up with new innovative solutions and ideas.

FE News publish exclusive peer to peer thought leadership articles from our feature writers, as well as user generated content across our network of over 3000 Newsrooms, offering multiple sources of the latest education news across the Education and Employability sectors.

FE News also broadcast live events, podcasts with leading experts and thought leaders, webinars, video interviews and Further Education news bulletins so you receive the latest developments in Skills News and across the Apprenticeship, Further Education and Employability sectors.

Every week FE News has over 200 articles and new pieces of content per week. We are a news channel providing the latest Further Education News, giving insight from multiple sources on the latest education policy developments, latest strategies, through to our thought leaders who provide blue sky thinking strategy, best practice and innovation to help look into the future developments for education and the future of work.

In May 2020, FE News had over 120,000 unique visitors according to Google Analytics and over 200 new pieces of news content every week, from thought leadership articles, to the latest education news via written word, podcasts, video to press releases from across the sector.

We thought it would be helpful to explain how we tier our latest education news content and how you can get involved and understand how you can read the latest daily Further Education news and how we structure our FE Week of content:

Main Features

Our main features are exclusive and are thought leadership articles and blue sky thinking with experts writing peer to peer news articles about the future of education and the future of work. The focus is solution led thought leadership, sharing best practice, innovation and emerging strategy. These are often articles about the future of education and the future of work, they often then create future education news articles. We limit our main features to a maximum of 20 per week, as they are often about new concepts and new thought processes. Our main features are also exclusive articles responding to the latest education news, maybe an insight from an expert into a policy announcement or response to an education think tank report or a white paper.

FE Voices

FE Voices was originally set up as a section on FE News to give a voice back to the sector. As we now have over 3,000 newsrooms and contributors, FE Voices are usually thought leadership articles, they don’t necessarily have to be exclusive, but usually are, they are slightly shorter than Main Features. FE Voices can include more mixed media with the Further Education News articles, such as embedded podcasts and videos. Our sector response articles asking for different comments and opinions to education policy announcements or responding to a report of white paper are usually held in the FE Voices section. If we have a live podcast in an evening or a radio show such as SkillsWorldLive radio show, the next morning we place the FE podcast recording in the FE Voices section.

Sector News

In sector news we have a blend of content from Press Releases, education resources, reports, education research, white papers from a range of contributors. We have a lot of positive education news articles from colleges, awarding organisations and Apprenticeship Training Providers, press releases from DfE to Think Tanks giving the overview of a report, through to helpful resources to help you with delivering education strategies to your learners and students.


We have a range of education podcasts on FE News, from hour long full production FE podcasts such as SkillsWorldLive in conjunction with the Federation of Awarding Bodies, to weekly podcasts from experts and thought leaders, providing advice and guidance to leaders. FE News also record podcasts at conferences and events, giving you one on one podcasts with education and skills experts on the latest strategies and developments.

We have over 150 education podcasts on FE News, ranging from EdTech podcasts with experts discussing Education 4.0 and how technology is complimenting and transforming education, to podcasts with experts discussing education research, the future of work, how to develop skills systems for jobs of the future to interviews with the Apprenticeship and Skills Minister.

We record our own exclusive FE News podcasts, work in conjunction with sector partners such as FAB to create weekly podcasts and daily education podcasts, through to working with sector leaders creating exclusive education news podcasts.

Education Video Interviews

FE News have over 700 FE Video interviews and have been recording education video interviews with experts for over 12 years. These are usually vox pop video interviews with experts across education and work, discussing blue sky thinking ideas and views about the future of education and work.


FE News has a free events calendar to check out the latest conferences, webinars and events to keep up to date with the latest education news and strategies.

FE Newsrooms

The FE Newsroom is home to your content if you are a FE News contributor. It also help the audience develop relationship with either you as an individual or your organisation as they can click through and ‘box set’ consume all of your previous thought leadership articles, latest education news press releases, videos and education podcasts.

Do you want to contribute, share your ideas or vision or share a press release?

If you want to write a thought leadership article, share your ideas and vision for the future of education or the future of work, write a press release sharing the latest education news or contribute to a podcast, first of all you need to set up a FE Newsroom login (which is free): once the team have approved your newsroom (all content, newsrooms are all approved by a member of the FE News team- no robots are used in this process!), you can then start adding content (again all articles, videos and podcasts are all approved by the FE News editorial team before they go live on FE News). As all newsrooms and content are approved by the FE News team, there will be a slight delay on the team being able to review and approve content.

 RSS IconRSS Feed Selection Page